// For flags

CVE-2021-33600

Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.

Se ha detectado una vulnerabilidad de denegación de servicio (DoS) en la interfaz de usuario web de F-Secure Internet Gatekeeper. La vulnerabilidad se produce porque un atacante puede desencadenar una aserción por medio de un paquete HTTP malformado a la interfaz web. Un atacante no autenticado podría explotar esta vulnerabilidad mediante el envío de un parámetro de nombre de usuario grande. Una explotación con éxito podría conllevar a una denegación de servicio del producto

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-05-27 CVE Reserved
  • 2021-09-28 CVE Published
  • 2024-06-13 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-617: Reachable Assertion
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
F-secure
Search vendor "F-secure"
Internet Gatekeeper
Search vendor "F-secure" for product "Internet Gatekeeper"
>= 5.10 <= 5.50.47
Search vendor "F-secure" for product "Internet Gatekeeper" and version " >= 5.10 <= 5.50.47"
-
Affected